Setting up custom ingress gateway

Knative uses a shared ingress Gateway to serve all incoming traffic within
Knative service mesh, which is the knative-ingress-gateway Gateway under
knative-serving namespace. By default, we use Istio gateway service
istio-ingressgateway under istio-system namespace as its underlying service.
You can replace the service with that of your own as follows.

Step 1: Create Gateway Service and Deployment Instance

You’ll need to create the gateway service and deployment instance to handle
traffic first. The simplest way should be making a copy of the Gateway service
template in Istio release.

Here is an example:

apiVersion:v1kind:Servicemetadata:name:custom-ingressgatewaynamespace:istio-systemannotations:labels:chart:gateways-1.0.1release:RELEASE-NAMEheritage:Tillerapp:custom-ingressgatewaycustom:ingressgatewayspec:type:LoadBalancerselector:app:custom-ingressgatewaycustom:ingressgatewayports:-name:http2nodePort:32380port:80targetPort:80-name:httpsnodePort:32390port:443-name:tcpnodePort:32400port:31400-name:tcp-pilot-grpc-tlsport:15011targetPort:15011-name:tcp-citadel-grpc-tlsport:8060targetPort:8060-name:tcp-dns-tlsport:853targetPort:853-name:http2-prometheusport:15030targetPort:15030-name:http2-grafanaport:15031targetPort:15031---# This is the corresponding deployment to back the gateway serviceapiVersion:extensions/v1beta1kind:Deploymentmetadata:name:custom-ingressgatewaynamespace:istio-systemlabels:chart:gateways-1.0.1release:RELEASE-NAMEheritage:Tillerapp:custom-ingressgatewaycustom:ingressgatewayspec:replicas:1selector:matchLabels:app:custom-ingressgatewaycustom:ingressgatewaytemplate:metadata:labels:app:custom-ingressgatewaycustom:ingressgatewayannotations:sidecar.istio.io/inject:"false"scheduler.alpha.kubernetes.io/critical-pod:""spec:serviceAccountName:istio-ingressgateway-service-accountcontainers:-name:istio-proxyimage:"docker.io/istio/proxyv2:1.0.2"imagePullPolicy:IfNotPresentports:-containerPort:80-containerPort:443-containerPort:31400-containerPort:15011-containerPort:8060-containerPort:853-containerPort:15030-containerPort:15031args:-proxy-router--v-"2"---discoveryRefreshDelay-"1s"#discoveryRefreshDelay---drainDuration-"45s"#drainDuration---parentShutdownDuration-"1m0s"#parentShutdownDuration---connectTimeout-"10s"#connectTimeout---serviceCluster-custom-ingressgateway---zipkinAddress-zipkin:9411---statsdUdpAddress-istio-statsd-prom-bridge:9125---proxyAdminPort-"15000"---controlPlaneAuthPolicy-NONE---discoveryAddress-istio-pilot:8080resources:requests:cpu:10menv:-name:POD_NAMEvalueFrom:fieldRef:apiVersion:v1fieldPath:metadata.name-name:POD_NAMESPACEvalueFrom:fieldRef:apiVersion:v1fieldPath:metadata.namespace-name:INSTANCE_IPvalueFrom:fieldRef:apiVersion:v1fieldPath:status.podIP-name:ISTIO_META_POD_NAMEvalueFrom:fieldRef:fieldPath:metadata.namevolumeMounts:-name:istio-certsmountPath:/etc/certsreadOnly:true-name:ingressgateway-certsmountPath:"/etc/istio/ingressgateway-certs"readOnly:true-name:ingressgateway-ca-certsmountPath:"/etc/istio/ingressgateway-ca-certs"readOnly:truevolumes:-name:istio-certssecret:secretName:istio.istio-ingressgateway-service-accountoptional:true-name:ingressgateway-certssecret:secretName:"istio-ingressgateway-certs"optional:true-name:ingressgateway-ca-certssecret:secretName:"istio-ingressgateway-ca-certs"optional:trueaffinity:nodeAffinity:requiredDuringSchedulingIgnoredDuringExecution:nodeSelectorTerms:-matchExpressions:-key:beta.kubernetes.io/archoperator:Invalues:-amd64-ppc64le-s390xpreferredDuringSchedulingIgnoredDuringExecution:-weight:2preference:matchExpressions:-key:beta.kubernetes.io/archoperator:Invalues:-amd64-weight:2preference:matchExpressions:-key:beta.kubernetes.io/archoperator:Invalues:-ppc64le-weight:2preference:matchExpressions:-key:beta.kubernetes.io/archoperator:Invalues:-s390x